Configuring SYN flood protection | SYN flood attacks |
Configuring SYN flood protection
To configure the SYN flood protection
1Go to Intrusion Protection > DoS Sensor.
2Select Create New.
3Configure the options for tcp_syn_flood.
4Select OK.
Figure 18: Configuring the syn_flood anomaly
Suggested settings for different network conditions
The main setting that impacts the efficiency of the pseudo SYN proxy in detecting SYN floods is the threshold value. The default threshold is 2000. Select an appropriate value based on network conditions. Normally, if the servers being protected by the FortiGate unit need to handle heavier requests, such as a busy web server, the threshold should be set to a higher value. If the network carries lighter traffic, the threshold should be set to a lower value.
| FortiGate IPS User Guide Version 3.0 MR7 |
54 |